Historically, Vulnerability Management was all about listing and reporting your vulnerabilities.

The Simple Iteration

1. Scan
2. Report

Repetitive reporting doesn't scale.

The Past:

Monthly / Yearly Scans

Dramatic differences between scans over time

The Future:

Multiple Continuous Data Feeds

Tiny differences between scans over time

Over the last year, Qualys has been laying the foundation for a new breed of security monitoring...

Instead of Reports, Qualys is pioneering a fundamental shift — to Events...

We call it: Continuous Security

A continuous stream of all the changes in your environment and security posture.

Qualys is far more than just vulnerability data.

1+ Billion Scans Per Year

Installed Software
Open Ports
Web Application
Firewall Events
SSL Certificates
Malware
Compliance and Configuration

Web App Bugs

401,856,255,180

(about 400+ billion events per year)

Very powerful filtering engine with a very simple interface.

[Screenshot: QualysGuard Continuous Monitoring, Configuration tab, Ruleset Builder. A drag and drop alert ruleset builder with a short description field and a Rule Alert Triggers panel showing a Vulnerability trigger.]

[Screenshot: Continuous Monitoring dashboard. Profile: Qualys Perimeter profile. Ruleset: High Perimeter. Alert Triggers: 394, Host 134, Vulnerability 126, Certificate 73, Port/Service 60. Alert activity graph, Monday 22 Mar to Sunday 28 Mar.]

Alert Message / Host Impacted

New Open Port: 22/tcp (ssh), 102.103.121.3
  Found on host ms25.vuln.qa.qualys.com by the scan My Vulnerability Scan on Wed Aug 14 2013 at 00:02:37 GMT-0700

New SSL Certificate Found, 107.102.13.71 (28 mins ago)
  The certificate localhost.localdomain for SomeOrganization issued by <issuer> was detected on host ns25.vuln.qa.qualys.com on Wed Aug 13

New Host Found, 109.50.75.11 (1 hour ago)
  Host ns180.vuln.qa.qualys.com with the OS Linux 2.2-26 found by the scan My Vulnerability Scan on Wed Aug 14 at 00:02:37 (GMT-0700)

Host Information Updated, 102.103.121.3 (Yesterday)
  Host n5100.vuln.qa.qualys.com was updated based on results from the scan My Vulnerability Scan on Wed Aug 14 at 00:02:37 (GMT-0700)

New Vulnerability Found: QID 15069, 101.45.111.9 (Yesterday)
  PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability was found on host ns25.vuln.qa.qualys.com by the scan My Vulnerability Scan on Wed Aug 14 2013 at 00:02:37 GMT-0700

Port Changed: 22/tcp (ssh), 102.103.121.3 (3 mins ago)
  Changed on host ns25.vuln.qa.qualys.com, detected by the scan My Vulnerability Scan on Wed Aug 14 2013 at 00:02:37 GMT-0700

Host Purged, 102.103.121.3
  Host ns25.vuln.qa.qualys.com was purged on Wed Aug 14 2013 at 00:02:37 GMT-0700

Vulnerability Closed: QID 15069, 107.102.13.71
  PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability is no longer found on host ns25.vuln.qa.qualys.com, verified by the scan My Vulnerability Scan on Wed Aug 14 2013 at 00:02:37 GMT-0700

New Vulnerability Prediction: QID 15069, 107.102.13.71
  Predicted for host ns25.vuln.qa.qualys.com with these matching conditions: OS Windows 7 Ultimate Service Pack 1, application Microsoft Excel 2010, version 14.0.6024.1000, last found on Wed Aug 14 2013

Ticket Closed: Ticket #007008, 107.102.13.71 (Jul 20)
  Closed/Ignored on Wed Aug 21 2013 by Tricia Trujillo. Vulnerability: PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability (QID 15069)

Demo!

(may the odds be ever in my favor)

CONTINUOUS SECURITY

Thank You

[Screenshot: Continuous Monitoring, Alerts tab. Profile: (All Monitoring Profiles). Ruleset: (multiple profiles selected). Date Range: Last 7 days. Graph of alerts per day, 8 Nov to 15 Nov. 92,201 alerts.]

Alert Message / Host Impacted / Time

Software Changed: Update for Windows Server 2003 (KB911164), 10.10.26.149, 17 hours ago
  Software version 1 changed on host 2k3-cf8-26-149

Software Changed: Adobe Flash Media Server 3.5.1, 10.10.26.149, 17 hours ago
  Software version changed on host 2k3-cf8-26-149

Software Changed: Windows Internet Explorer, 10.10.26.149, 17 hours ago
  Software version 6.0.3790.1830 changed on host 2k3-cf8-26-149

Port Changed: 80/tcp (SAP MaxDB), 10.10.26.149, 17 hours ago
  Port changed on host 2k3-cf8-26-149

Active Vulnerability: QID 90882, 10.10.26.149, 17 hours ago
  Windows Remote Desktop Protocol Weak Encryption Method Allowed is active on host 2k3-cf8-26-149

Active Vulnerability: QID 90781, 10.10.26.149, 17 hours ago
  Microsoft ASP .NET National ASCII Codepages Cross-Site Scripting Vulnerability is active on host 2k3-cf8-26-149

Active Vulnerability: QID 100112, 10.10.26.149, 17 hours ago
  Microsoft Internet Explorer Cache Objects History Enumeration Vulnerability - Zero Day is active on host 2k3-cf8-26-149

Active Vulnerability: QID 90317, 10.10.26.149, 17 hours ago
  Microsoft ART Image Rendering Remote Code Execution Vulnerability (MS06-022) is active on host 2k3-cf8-26-149

Active Vulnerability: QID 90698, 10.10.26.149, 17 hours ago
  Microsoft Foundation Class Library Remote Code Execution Vulnerability (MS11-025) is active on host 2k3-cf8-26-149

[Screenshot: event detail panel for the alert "Software version 1 changed on host 2k3-cf8-26-149". Values are paired with field names by their order in the capture; fields with no visible value are left blank.]

Name: Value
id: 1347394
flag:
eventCategory: Software
eventDate: Nov 14, 2013 at 4:21 AM GMT-0800
eventType: Software changed
hostname: 2k3-cf8-26-149
ipAddress: 10.10.26.149
qidTitle: Installed Applications Enumerated From Windows Installer
eventData:
source: Vulnerability scan
asset:
softwareInfo:
applicationName: Update for Windows Server 2003 (KB911164)
applicationVersion:
sourceType:
sourceId:

[Screenshot: asset view for host 2k3-cf8-26-149 in View Mode. Asset Summary with Open Ports, Installed Software and Vulnerabilities; Alert Notifications; Event History for the last 7 days broken down by Port, Software and Vulnerability, with 250 Events Logged. Events listed, 10 hours ago: Software Changed: Update for Windows Server 2003 (KB911164); Software Changed: Adobe Flash Media Server 3.5.1; Software Changed: Windows Internet Explorer; Port Changed: 80/tcp (SAP MaxDB); Active Vulnerability: QID 90882.]

[Screenshot: Configuration, Ruleset Builder: New web app. "Use the drag and drop alert ruleset builder below to customize the events you would like to be alerted on." Title: New web app. Description: "Write a short description of this ruleset...". Rule Alert Triggers available: Certificates, Software, Vulnerability. A Ports / Services trigger has been added, with the fields Status, Port, Protocol and Service; the values "Opened" and "Is in list" are visible.]

[Screenshot: Configuration, Ruleset Builder: New web app. Same ruleset, with a Vulnerability trigger being added from the Rule Alert Triggers panel (Vulnerability, Certificates, Software).]

[Screenshot: Alerts Configuration, Monitoring Profile Edit: Applications Web, Edit Mode, with Ruleset and Notifications sections. "Configure a profile for continuous monitoring of your hosts." Choose Target Hosts: "Tell us which hosts (IP addresses) you would like to monitor." Select IPs/Ranges is chosen. IPs/Ranges: 10.10.26.0/24. Exclude IPs/Ranges: empty.]

[Screenshot: the same monitoring profile (Ruleset: Applications Web) with Select Tags chosen under Choose Target Hosts. Use IP Network Range Tags: "Choose from tags defined with IP address rules. We'll monitor the IP address range(s) in each selected tag." Include hosts that have All of the tags below (no tags selected), with an option to not include hosts.]

[Screenshot: Configuration, monitoring profile, Notifications section. "You have the option to set up alert notifications for you and other users." Frequency: "Tell us how often you want to receive notifications." The Send email alerts dropdown lists: never, every 5 minutes, every 20 minutes, every 1 hour, every 2 hours, every 6 hours, every 12 hours, weekly. Recipients can be a Distribution Group or a Single User.]

[Screenshot: Continuous Monitoring, Alerts tab, with the search field dropdown open. Filter options: CATEGORY, IP ADDRESS, HOSTNAME, FLAGGED, HIDDEN. Date Range: Last 7 days. 92,201 alerts (1 selected). The list shows the Software Changed, Port Changed and Active Vulnerability alerts for host 2k3-cf8-26-149 (10.10.26.149), now 18 hours ago.]

[Screenshot: Continuous Monitoring, Alerts tab, with the CATEGORY filter dropdown open. Category options: Host, Port, Vulnerability, Certificate, Software, System. 92,201 alerts (1 selected). The list shows the Software Changed, Port Changed and Active Vulnerability alerts for host 2k3-cf8-26-149 (10.10.26.149), 18 hours ago.]

[Screenshot: Continuous Monitoring, Alerts tab, filtered with CATEGORY: Port. Profile: (All Monitoring Profiles). Ruleset: (multiple profiles selected). Date Range: Last 7 days. 71 alerts (1 selected).]

Alert Message / Host Impacted / Time

Port Changed: 80/tcp (SAP MaxDB), 10.10.26.149, 18 hours ago
  Port changed on host 2k3-cf8-26-149

Port Changed: 80/tcp (http), 10.10.26.142, 18 hours ago
  Port changed on host 10.10.26.142

Port Changed: 80/tcp (http), 10.10.26.25, 18 hours ago
  Port changed on host 2k3x64sp2-26-25.patch.ad.vuln.qa.qualys.com

Port Changed: 80/tcp, 10.10.25.218, 18 hours ago
  Port changed on host ora9208-win-25-218

Port Changed: 80/tcp (http), 10.10.25.182, 18 hours ago
  Port changed on host com-reg-sles102-25-182.vuln.qa.qualys.com

Port Changed: 80/tcp (http), 10.10.24.230, 18 hours ago
  Port changed on host com-test-dc-24-230.testing.compliance.vuln.qa.qualys.com

New Open Port 80/tcp (http), 10.10.25.65, 18 hours ago
  Port found on host 2k3sp1-p-25-65.2k3sp1.patch.ad.vuln.qa.qualys.com

Port Changed: 80/tcp (http), 10.10.26.238, 18 hours ago
  Port changed on host 10.10.26.238

Port Changed: 8080/tcp (http), 10.10.26.238, 18 hours ago
  Port changed on host 10.10.26.238